Description of problem:
Running ipsilon-client-install --saml-idp-metadata https://$IPSILON_SERVER/idp/saml2/metadata --saml-auth /protected produces configuration which yields 403 Forbidden even when correctly authenticated.

Version-Release number of selected component (if applicable):
ipsilon-base-2.0.0-1.fc24.noarch
ipsilon-client-2.0.0-1.fc24.noarch
ipsilon-filesystem-2.0.0-1.fc24.noarch
ipsilon-saml2-2.0.0-1.fc24.noarch
ipsilon-saml2-base-2.0.0-1.fc24.noarch

How reproducible:
Deterministic.

Steps to Reproduce:
1. ipsilon-client-install --saml-idp-metadata https://$IPSILON_SERVER/idp/saml2/metadata --saml-auth /protected
2. systemctl restart httpd
3. Access the /protected URL

Actual results:
Forbidden
You don't have permission to access /protected/test.cgi on this server.

==> /var/log/httpd/ssl_error_log <==
[Thu Nov 03 16:17:12.498877 2016] [authz_core:error] [pid 3536] [client 10.34.131.181:57890] AH01630: client denied by server configuration: /usr/share/ipsilon/ui/saml2sp

Expected results:
No error.

Additional info:
The ipsilon-client-install produces /etc/httpd/conf.d/ipsilon-saml.conf which has

Alias /protected /usr/share/ipsilon/ui/saml2sp
<Directory /usr/share/ipsilon/ui/saml2sp>
</Directory>

in it. It did not do that in previous versions and it shouldn't do that. After commenting out those lines, things start to work.
ipsilon-2.0.2-2.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-30077d1b37
ipsilon-2.0.2-2.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-2d8fb6d7ad
ipsilon-2.0.2-2.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499
ipsilon-2.0.2-2.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-2d8fb6d7ad
ipsilon-2.0.2-2.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-30077d1b37
ipsilon-2.0.2-2.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-b465090499
Verified that ipsilon-client-2.0.2-2.fc25.noarch fixes the issue: the Alias is no longer in the config after ipsilon-client-install, and I can log in fine.
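The check described in the report and in the verification comment above can be scripted. This is an added example, not code from the report or from the ipsilon project: the function name is hypothetical, and both sample configs are constructed from the three lines quoted in the report.

```python
# Added example: flags an Alias that covers the SAML-protected path.
# Simplification (assumption): paths contain no spaces.

# Constructed sample: the three lines quoted in the report.
AFFECTED = """\
Alias /protected /usr/share/ipsilon/ui/saml2sp
<Directory /usr/share/ipsilon/ui/saml2sp>
</Directory>
"""
# Constructed sample: the same lines commented out (the reporter's workaround).
WORKAROUND = "".join("# " + l for l in AFFECTED.splitlines(keepends=True))


def find_shadowing_aliases(conf_text, protected_path):
    """Return (url_path, fs_path, no_directives) for each Alias covering
    protected_path. no_directives is True when the matching <Directory>
    block is absent or contains no directives at all."""
    aliases = []       # (url_path, fs_path) from top-level Alias lines
    dir_bodies = {}    # fs_path -> directives found inside its <Directory>
    current = None     # path of the <Directory> block being read, if any
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or commented-out line
        lower = line.lower()
        if lower.startswith("<directory ") and line.endswith(">"):
            current = line[len("<directory "):-1].strip().strip('"').rstrip("/")
            dir_bodies.setdefault(current, [])
        elif lower.startswith("</directory"):
            current = None
        elif current is not None:
            dir_bodies[current].append(line)
        else:
            parts = [p.strip('"') for p in line.split()]
            if parts[0].lower() == "alias" and len(parts) == 3:
                aliases.append((parts[1], parts[2].rstrip("/")))
    findings = []
    for url, fs in aliases:
        prefix = url.rstrip("/")
        # Alias applies to the path itself and to everything below it.
        if protected_path == prefix or protected_path.startswith(prefix + "/"):
            findings.append((url, fs, not dir_bodies.get(fs)))
    return findings


if __name__ == "__main__":
    print(find_shadowing_aliases(AFFECTED, "/protected"))
    print(find_shadowing_aliases(WORKAROUND, "/protected"))
```

To check a host, pass the contents of /etc/httpd/conf.d/ipsilon-saml.conf and the path that was given to --saml-auth; an empty result matches the state described in the verification comment.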
ipsilon-2.0.2-2.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
ipsilon-2.0.2-2.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.